[PATCH 4.9 108/271] media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame
From: Greg Kroah-Hartman
Date: Tue Jan 28 2020 - 09:21:10 EST
From: YueHaibing <yuehaibing@xxxxxxxxxx>
[ Upstream commit 2e7682ebfc750177a4944eeb56e97a3f05734528 ]
'vb' null check should be done before dereferencing it in
tw5864_handle_frame, otherwise a NULL pointer dereference
may occur.
Fixes: 34d1324edd31 ("[media] pci: Add tw5864 driver")
Signed-off-by: YueHaibing <yuehaibing@xxxxxxxxxx>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xxxxxxxxx>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/media/pci/tw5864/tw5864-video.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/media/pci/tw5864/tw5864-video.c b/drivers/media/pci/tw5864/tw5864-video.c
index 1ddf80f85c248..27ff6e0d98453 100644
--- a/drivers/media/pci/tw5864/tw5864-video.c
+++ b/drivers/media/pci/tw5864/tw5864-video.c
@@ -1386,13 +1386,13 @@ static void tw5864_handle_frame(struct tw5864_h264_frame *frame)
input->vb = NULL;
spin_unlock_irqrestore(&input->slock, flags);
- v4l2_buf = to_vb2_v4l2_buffer(&vb->vb.vb2_buf);
-
if (!vb) { /* Gone because of disabling */
dev_dbg(&dev->pci->dev, "vb is empty, dropping frame\n");
return;
}
+ v4l2_buf = to_vb2_v4l2_buffer(&vb->vb.vb2_buf);
+
/*
* Check for space.
* Mind the overhead of startcode emulation prevention.
--
2.20.1